Ignore:
Timestamp:
01/11/10 16:30:22 (10 years ago)
Author:
pjkersha
Message:

Working and tested version with functionality for adding custom attribute value types and functions.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • TI12-security/trunk/ndg_xacml/ndg/xacml/test/context/test_pdp_with_custom_attributevalue_types.py

    r7668 r7682  
    2020from ndg.xacml.core.attributevalue import AttributeValueClassFactory 
    2121from ndg.xacml.core.functions import functionMap 
    22 from ndg.xacml.core.functions.v1.bag import BagBase 
    23 from ndg.xacml.core.functions.v1.at_least_one_member_of import \ 
    24     AtLeastOneMemberOfBase  
    2522from ndg.xacml.core.context.request import Request 
    2623from ndg.xacml.core.context.subject import Subject 
     
    3532from ndg.xacml.test import (XACML_ESGFTEST1_FILEPATH,   
    3633                            GroupRoleAttributeValue,  
    37                             ETreeGroupRoleDataTypeReader) 
     34                            ETreeGroupRoleDataTypeReader, 
     35                            GroupRoleBag, 
     36                            GroupRoleAtLeastOneMemberOf) 
    3837from ndg.xacml.test.context import (AnyUriAttributeValue, StringAttributeValue, 
    3938                                    SUBJECT_ID) 
    4039 
    41  
     40     
    4241class XacmlEvalPdpWithCustomAttrTypes(unittest.TestCase): 
    4342    """Evaluate a policy which contains custom XACML Attribute Value Data types 
    4443    """ 
    4544    AT_LEAST_ONE_SUBJECT_ROLE_RESTRICTED_ID = \ 
    46         'http://localhost/at-least-of-subject-role-restricted'        
    47           
     45        'http://localhost/at-least-one-of-subject-role-restricted'        
     46    SUBJECT_DOES_NOT_HAVE_ANY_OF_SPECIFIED_ROLES_ID = \ 
     47        'http://localhost/subject-does-not-have-any-of-specified-roles' 
     48         
    4849    @staticmethod 
    4950    def _createRequestCtx(resourceId,  
     
    121122         
    122123        # Add extra matching and bag functions 
     124        functionMap['urn:grouprole-bag'] = GroupRoleBag 
     125        functionMap['urn:grouprole-at-least-one-member-of' 
     126                    ] = GroupRoleAtLeastOneMemberOf 
    123127         
    124128        # Example policy with custom attribute value type used with ESGF  
     
    135139            self.failIf(result.decision != Decision.PERMIT,  
    136140                        "Expecting Permit decision")     
    137              
     141                     
     142    def test02SubjectDoesNotHaveAnyOfSpecifiedRolesForResource(self): 
     143        # Test at least one member function 
     144        request = self._createRequestCtx( 
     145        self.__class__.SUBJECT_DOES_NOT_HAVE_ANY_OF_SPECIFIED_ROLES_ID, 
     146        action='write') 
     147         
     148        response = self.pdp.evaluate(request) 
     149        self.failIf(response is None, "Null response") 
     150        for result in response.results: 
     151            self.failIf(result.decision != Decision.DENY,  
     152                        "Expecting Deny decision")     
     153            
    138154             
    139155if __name__ == "__main__": 
Note: See TracChangeset for help on using the changeset viewer.